Last Comment Bug 594760 - activeContent in nsEventStateManager::PostHandleEvent looks unsafe
: activeContent in nsEventStateManager::PostHandleEvent looks unsafe
Status: RESOLVED FIXED
[sg:critical?][critsmash:patch]
:
Product: Core
Classification: Components
Component: DOM: Events (show other bugs)
: unspecified
: x86 All
: -- normal (vote)
: ---
Assigned To: Olli Pettay [:smaug]
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-09 07:05 PDT by Olli Pettay [:smaug]
Modified: 2010-10-30 18:13 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
needed
.11-fixed
needed
.14-fixed


Attachments
patch (1.05 KB, patch)
2010-09-09 07:05 PDT, Olli Pettay [:smaug]
roc: review+
roc: approval2.0+
dveditz: approval1.9.2.11+
dveditz: approval1.9.1.14+
Details | Diff | Review

Description Olli Pettay [:smaug] 2010-09-09 07:05:29 PDT
Created attachment 473527 [details] [diff] [review]
patch

The variable is nsIContent*, but scripts may run before it is used.

I don't have a testcase, but based on code this might lead to crash when
using image maps and deleting the image element when it gets focus.
Or something like that.
Comment 1 Daniel Veditz [:dveditz] 2010-09-27 13:52:20 PDT
Comment on attachment 473527 [details] [diff] [review]
patch

Approved for 1.9.2.11 and 1.9.1.14, a=dveditz

Note You need to log in before you can comment on or make changes to this bug.